Without cryptography, there would be no blockchain, no password management, and no malicious download defense. How we interact with the internet is driven by our interaction with cryptography.
Cryptography is the art of writing codes. Broken down further, cryptography is a subfield of cryptology and refers to the encryption of messages. For secure communication, cryptography creates a mechanism for two parties to communicate privately. A message is encrypted when a piece of information is converted to something incomprehensible, known as ciphertext. Unless a recipient of the ciphertext has the corresponding cipher to decrypt the message, the message can’t be read.
Cryptography has had extensive historical use. One of the more prominent examples is its use during World War II, after the introduction of early computers. Computers allowed for more complex cipher encoding with the ability to process calculations faster than humans. However, with the ability to process more data, computers also made it easier for nefarious actors to apply brute-force attacks in solving these ciphers (The Imitation Game is a good watch on the subject). Today, modern algorithms are almost impossible to crack, given the time and effort required. I discussed this in my post on Proof-of-Work, in which I demonstrated the features that made consensus mechanisms fault and attack-intolerant.
Traditionally, cryptography has been used across digital payments, password management, identity authentication, digital signatures, and beyond. However, in blockchain, cryptography’s main use is identification, verification, and security.
Hash functions are mathematical operations that convert data of any size (referred to as the message) into data of a fixed size (referred to as the hash value). In other words, a hash function takes input data and turns it into a standardized data output, such as a string of numbers. The only way to recreate the original message from the hash output is to try candidate inputs until one produces a matching hash. This process is time-consuming and effortful, so hash functions are referred to as “one-way” functions.
Some conditions must be met for hash functions to be considered well-designed:
● The same message should always result in the same hash.
● The time and energy to guess the input value should be economically infeasible.
● It is not possible for two different inputs to result in the same hash output.
Assuming these criteria are met, a hash function can be leveraged for more complex uses. Some examples include determining the authenticity of digital files, fingerprinting, and digital signatures. Hashing enables content-based addressing, which means that if the content is not corrupted or changed, the hash will always be the same. Bankers who have had linked Excel sheets suddenly switch file paths know this issue well. Hashing solves this.
Symmetric key cryptography refers to a method in which two parties would exchange encrypted messages using an encryption key that they exchanged in a non-cryptographic way. An example of this you may be familiar with is the Caesar Cipher, where letters of the alphabet are shifted by a certain number of letters. The same key (the number of letters shifted in the previous example) would be used to both encrypt and decrypt the message. The key would be derived and transmitted via secret meetings or through couriers. Up until WWII, this was the default method of encryption.
This mechanism, as you’d expect, does not scale. It created a coordination problem between involved parties. When you add the internet into the mix, the method isn’t viable given the unknown, untrusted actors interacting over a public network.
To solve symmetric encryption's coordination and scaling problem, asymmetric encryption introduced public-key cryptography. The method introduced two keys: a public key and a private key.
The private key is a string of numbers only known to the owner. It must be kept confidential, whereas the public key can be given freely to anyone. If I were to send you some BTC, I could send it to your public key, but only you could access the BTC because only your private key could decrypt the “message,” which in this case is some BTC.
Compared to symmetric encryption, two parties don’t need to agree on a shared key to decrypt messages sent between them. They can leverage their private keys, share an encrypted “message” to a public key, and the other party can “unlock” the “message” using their private key.
The image below has one significant difference from the symmetrical encryption image – the public and private keys.
Bitcoin, as a canonical example, uses public-key encryption. The keys create a digital signature that demonstrates ownership of the tokens tied to those private keys. An analogy is that the public key is like a physical check, and the private key is the signature on the check verifying ownership and instructions for sending funds, “the message.”
Applying the information in the hash function section of this post, a public key can be derived from a private key, but not the other way around. Computing a public key from a private key takes little effort, but going the other way is arduous. Since a number generally represents the private key, the longer the string of numbers, the more difficult it is for someone who doesn’t know that number to guess it. This embeds security between parties.
Without these mechanisms, the ability to communicate and send “messages” from one person to another in an untrusted, distributed network like the internet would be burdened with scaling and coordination issues.
Hashing transforms large amounts of data into a standardized string of numbers, making it difficult to guess the original. You could hash almost anything, whether a piece of text or an image; applying a hash would turn the original bit-length into the standardized hash. This acts as a method of validity because if someone changes one letter in, say, a ten-thousand-word document, the entire hash will change, which is known as an avalanche effect.
Here's a quick example of how hashing works (using the SHA-256 algorithm) when small changes are applied.
Let’s add a question mark:
As you can see, even the change of a single punctuation point dramatically impacted the hash. The implication is that the hash value serves as a cryptographic derivative of the original message. This serves as a digital fingerprint, ensuring the message’s validity and preserving its integrity.
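The avalanche effect and the fingerprint check can be reproduced with Python's standard library. This is an added example, not part of the original post: the sample message and the function names are constructed for illustration.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    """Return the SHA-256 digest of data as 64 hex characters."""
    return hashlib.sha256(data).hexdigest()

def differing_bits(hex_a: str, hex_b: str) -> int:
    """Count the bit positions in which two equal-length digests differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

def flip_bit(data: bytes, index: int) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    out = bytearray(data)
    out[index // 8] ^= 1 << (index % 8)
    return bytes(out)

def avalanche_profile(data: bytes):
    """Flip every input bit in turn; report (min, mean, max) changed output bits."""
    base = sha256_hex(data)
    counts = [differing_bits(base, sha256_hex(flip_bit(data, i)))
              for i in range(len(data) * 8)]
    return min(counts), sum(counts) / len(counts), max(counts)

def matches_fingerprint(data: bytes, expected_hex: str) -> bool:
    """Integrity check against a published digest, compared in constant time."""
    return hmac.compare_digest(sha256_hex(data), expected_hex.lower())

# Constructed sample message (not the one used in the original post).
ORIGINAL = b"Cryptography secures the blockchain"
EDITED = ORIGINAL + b"?"

if __name__ == "__main__":
    h1, h2 = sha256_hex(ORIGINAL), sha256_hex(EDITED)
    print(h1)
    print(h2)
    print(differing_bits(h1, h2), "of 256 output bits changed by one added '?'")
    lo, mean, hi = avalanche_profile(ORIGINAL)
    print(f"single-bit flips change {lo}..{hi} bits, {mean:.1f} on average")
    print("edited copy passes the check:", matches_fingerprint(EDITED, h1))
```

A well-behaved hash changes about half of its 256 output bits for any one-bit change in the input, which is why the edited copy fails the fingerprint check.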
Cryptography is essential because, without public-key cryptography, the ability to trust the input and output functions of the blockchain would not exist. Public-key cryptography provides a source of truth and guarantees that only those intended to receive the message maintain that privilege.
Special thanks to Samuel Wheeler for editing!